Databases hold an organization's most valuable data; compromising that data can lead to revenue loss, loss of customer trust and many other negative consequences. Every organization must have a well-defined security policy in order to implement security effectively. Policies are not the same for all implementations: they differ with the needs of each deployment and, above all, with how sensitive the data is.
In order to implement security effectively, it is necessary to follow certain principles right from the beginning of the project. These principles are –
Security by Design – Make security an integral part of the design of your applications, not something bolted on afterwards.
Defense in Depth – A multi-layered approach: by creating multiple layers of security you build a system with higher security assurance. If one layer of defense is defeated, another still holds.
Least Privilege – Grant only the privileges necessary to perform a job. Database security is built on privileges, and privilege abuse cannot occur if the (unnecessary) privilege was never granted in the first place.
For any kind of system, the following are areas where at least minimum security measures must be taken to keep data secure –
1. Default user accounts – Oracle installs with numerous default accounts that have well-known passwords. This is a security threat and must be addressed: drop the accounts if possible; otherwise change the password, lock and expire the account, and audit any access to it. Also apply the password management features (profiles) to default accounts in particular.
2. Stale accounts – A security best practice is to remove unused or unneeded accounts; every account that nobody uses is an entry point that nobody is watching.
3. Weak or default passwords – A poorly chosen password, or a default password that was never changed, is one of the greatest risks to a database.
4. Existence of any Oracle rootkits, backdoors or Trojans –
5. Resource limits – Resource limits help ensure that an application or user cannot, whether intentionally or not, consume all of the database's and the system's resources, which would amount to a denial of service (DoS) against everyone else.
6. Default roles – Do not grant the CONNECT, RESOURCE or DBA roles to ordinary users. These roles bundle far more privileges than most accounts need; grant exactly the system and object privileges each account requires instead.
7. PUBLIC privileges – Granting a privilege to PUBLIC grants it to every account in the database. This creates a huge security risk and is against the principle of least privilege.
8. Securing the database listener
9. Securing the network – The network through which users and applications connect to the database must be well secured. Network encryption is strongly recommended whenever database data travels over the network.
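The checks and fixes for items 1, 2, 3, 5, 6, 7 and 9 above, collected into one script. This is an added example, not code from the original post. It assumes a DBA session on Oracle 12c or later (DBA_USERS.LAST_LOGIN, ORACLE_MAINTAINED and ora12c_verify_function are 12c features; DBA_USERS_WITH_DEFPWD dates from 11g), and the names app_user_profile, app_readonly, app_svc, app_etl and hr.employees are hypothetical placeholders.

```sql
-- Added example: Oracle hardening checks for the list above. Run as a DBA.
-- Assumes 12c+ (LAST_LOGIN, ORACLE_MAINTAINED, ora12c_verify_function).

-- Items 1 and 3: accounts still using the password they were installed with.
SELECT d.username, u.account_status
  FROM dba_users_with_defpwd d
  JOIN dba_users u ON u.username = d.username
 WHERE u.account_status NOT LIKE 'EXPIRED%LOCKED%'
 ORDER BY d.username;

-- Lock and expire a default account you cannot drop (SCOTT is the classic case)...
ALTER USER scott ACCOUNT LOCK PASSWORD EXPIRE;
-- ...or remove it outright if the schema is genuinely unused.
-- DROP USER scott CASCADE;

-- Item 2: stale accounts, i.e. open accounts with no login in 90 days (or ever).
-- LAST_LOGIN exists from 12c; on 11g derive the same from the audit trail.
SELECT username, account_status, created, last_login
  FROM dba_users
 WHERE oracle_maintained = 'N'          -- skip Oracle-supplied schemas
   AND account_status = 'OPEN'
   AND (last_login IS NULL OR last_login < SYSTIMESTAMP - INTERVAL '90' DAY);

-- Item 5: resource limits. Profile limits are only enforced when RESOURCE_LIMIT is TRUE.
ALTER SYSTEM SET resource_limit = TRUE SCOPE=BOTH;

-- A profile for application accounts (hypothetical name) that caps what one
-- session can consume and also enforces password quality and lockout.
CREATE PROFILE app_user_profile LIMIT
  SESSIONS_PER_USER          5
  CPU_PER_CALL               30000      -- hundredths of a second
  LOGICAL_READS_PER_CALL     100000
  CONNECT_TIME               480        -- minutes
  IDLE_TIME                  30         -- minutes
  FAILED_LOGIN_ATTEMPTS      5
  PASSWORD_LOCK_TIME         1/24       -- days, i.e. one hour
  PASSWORD_LIFE_TIME         90
  PASSWORD_GRACE_TIME        7
  PASSWORD_REUSE_MAX         10
  PASSWORD_REUSE_TIME        365
  PASSWORD_VERIFY_FUNCTION   ora12c_verify_function;  -- created by rdbms/admin/utlpwdmg.sql

-- Item 6: who holds the catch-all default roles?
SELECT grantee, granted_role, admin_option
  FROM dba_role_privs
 WHERE granted_role IN ('CONNECT', 'RESOURCE', 'DBA')
   AND grantee NOT IN ('SYS', 'SYSTEM');

-- Replace them with a purpose-built role carrying only what the job needs
-- (app_readonly, app_svc and hr.employees are hypothetical).
CREATE ROLE app_readonly;
GRANT CREATE SESSION TO app_readonly;
GRANT SELECT ON hr.employees TO app_readonly;
CREATE USER app_svc IDENTIFIED BY "Example-Passw0rd-Replace-Me" PROFILE app_user_profile;
GRANT app_readonly TO app_svc;
REVOKE CONNECT, RESOURCE FROM app_svc;   -- only if they had been granted earlier

-- Item 7: PUBLIC execute rights on packages that reach outside the database
-- (files, network, mail, DNS, LDAP, job scheduling).
SELECT table_name AS package_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'PUBLIC'
   AND owner = 'SYS'
   AND table_name IN ('UTL_FILE', 'UTL_HTTP', 'UTL_TCP', 'UTL_SMTP',
                      'UTL_INADDR', 'DBMS_LDAP', 'DBMS_JOB');
-- Revoke from PUBLIC and grant to the one schema that needs it (app_etl is hypothetical).
-- Oracle-supplied objects can depend on these grants: check DBA_OBJECTS for
-- STATUS = 'INVALID' afterwards and test the application before doing this in production.
REVOKE EXECUTE ON sys.utl_file FROM PUBLIC;
GRANT EXECUTE ON sys.utl_file TO app_etl;

-- Item 9: confirm that connected sessions actually negotiated encryption and
-- integrity checking. The banner wording is release-dependent; this pattern
-- matches the "<algorithm> Encryption service adapter" lines of 11g through 19c.
SELECT s.sid, s.username, c.network_service_banner
  FROM v$session_connect_info c
  JOIN v$session s ON s.sid = c.sid
 WHERE c.network_service_banner LIKE '%Encryption service adapter%'
    OR c.network_service_banner LIKE '%Crypto-checksumming service adapter%';
```

Run the SELECTs first and treat their output as findings; the ALTER, CREATE, REVOKE and GRANT statements are the remediation and should go through change control, since revoking a PUBLIC grant or locking an account can break an application that was silently relying on it.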
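Network-side settings for items 8 and 9, as an added example of the weak default beside the hardened value; this is not content from the original post. The parameter names are standard Oracle Net parameters, but the addresses are placeholders, SHA256 checksumming needs 12c or later, and SECURE_REGISTER_LISTENER needs 11.2.0.4/12c or later plus an IPC endpoint on the listener, so treat the values as assumptions to adapt.

```text
# sqlnet.ora on the database server (added example, not the original post's)

# Encryption defaults to ACCEPTED, which silently falls back to cleartext whenever
# the client does not ask for it. REQUIRED refuses unencrypted sessions instead.
SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)
# Same for integrity checking, so a session cannot be tampered with in transit.
# SHA256 is available from 12c onwards (assumption: 12c+).
SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA256)

# Only the application hosts may reach the listener at all.
# 10.0.1.20 and 10.0.1.21 are hypothetical application servers.
TCP.VALIDNODE_CHECKING = YES
TCP.INVITED_NODES = (10.0.1.20, 10.0.1.21)

# Probe idle connections every 10 minutes and drop dead ones.
SQLNET.EXPIRE_TIME = 10

# listener.ora on the database server

# Refuse runtime reconfiguration through "lsnrctl SET ..."; changes must be made
# in this file by someone with OS access to the server.
ADMIN_RESTRICTIONS_LISTENER = ON
# Accept instance registration only over local IPC, never from the network,
# so a remote host cannot register a rogue service with the listener
# (assumption: release supports it and an IPC endpoint exists).
SECURE_REGISTER_LISTENER = (IPC)
```

After reloading the listener, the V$SESSION_CONNECT_INFO banner of a new session should show the encryption and checksumming adapters, and a client from an address outside TCP.INVITED_NODES should be refused before it ever reaches authentication.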
Let's look at the details of some of these in later posts.